In this article, we will explore how to configure Ansible to manage Windows servers using OpenSSH. This approach is particularly useful when WinRM is blocked or not feasible due to organizational policies.
Prerequisites
- OpenSSH server installed and configured on the Windows machine
- Ansible installed on the control node
- Key-based authentication set up for passwordless login (optional but recommended)
Below is the output of ansible-playbook -i inventory.ini winconfig.yml, which shows the playbook running successfully on Windows over SSH.
If you haven't installed the OpenSSH server on Microsoft Windows and tested the SSH connection, follow the steps in the articles below to configure it.
Part 1: OpenSSH Server configuration for Windows
Part 2: Key based passwordless authentication to Microsoft Windows OpenSSH Server
Part 3: Configuring Ansible to Manage Windows Servers via OpenSSH
Here is the winconfig.yml file. It contains the tasks to install a test application remotely from Ansible, which I needed to set up in a client's organization. The tasks below mount a shared drive, copy the setup files and install the exe.
Download this complete WinSSH_Ansible playbook here or it is also available on github.com.
```yaml
---
- hosts: win_openssh
  gather_facts: no
  tasks:
    - name: Create directory structure
      ansible.windows.win_file:
        path: C:\Temp\
        state: directory

    # Remove any existing Z: mapping with net use; the catch branch handles a missing drive
    - name: Disconnect a mapped drive under Z command Line
      ansible.windows.win_shell: |
        try {
          Get-PSDrive -Name Z -ErrorAction Stop
          net use /persistent:no
          net use Z: /delete
        }
        catch {
          "Z drive doesn't Exists"
        }

    - name: Disconnect a mapped drive under Z
      ansible.windows.win_mapped_drive:
        letter: Z
        state: absent

    - name: Create a mapped drive under Z
      ansible.windows.win_mapped_drive:
        letter: Z
        path: \\192.168.34.11\sharedrive
        state: present
        username: vcloud-lab\vjanvi #vjanvi@vcloud-lab.com
        # Lab value in plain text; outside a lab, reference an Ansible Vault variable here
        password: Computer@123

    # remote_src: true copies from Z: on the Windows host, not from the control node
    - name: Copy a folder recursively where the source is on the remote host
      ansible.windows.win_copy:
        src: Z:\npp.8.7.9.Installer.x64.exe
        dest: C:\Temp\
        remote_src: true

    # /S runs the installer silently
    - name: Install notepad++ from the exe
      ansible.windows.win_package:
        path: C:\Temp\npp.8.7.9.Installer.x64.exe
        product_id: NotePad++
        arguments: /S
        state: present
```
The inventory.ini file contains information about the Windows OpenSSH servers that Ansible will manage. Here's an example inventory file. If you haven't set up key-based authentication to Microsoft Windows OpenSSH, you can uncomment the ansible_password line to enable password login.
```ini
[win]
win_openssh ansible_host=192.168.34.41

[win:vars]
ansible_user=administrator
#ansible_password=Computer@123
ansible_connection=ssh
ansible_shell_type=cmd
ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
ansible_ssh_retries=3
ansible_become_method=runas
```
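As an added example (not part of the original article), this Python check flags the lab shortcuts in the inventory above: StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null means the control node never verifies which server it connects to, and the password is readable in the file even while commented out. The hardened variant, its known_hosts path, and the names audit_inventory and RULES are assumptions introduced here.

```python
import re

# The article's inventory.ini, embedded as sample input.
ARTICLE_INVENTORY = """\
[win]
win_openssh ansible_host=192.168.34.41

[win:vars]
ansible_user=administrator
#ansible_password=Computer@123
ansible_connection=ssh
ansible_shell_type=cmd
ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
ansible_ssh_retries=3
ansible_become_method=runas
"""

# Constructed hardened variant: the password line is gone and the host key is
# checked against a dedicated known_hosts file (the path is an assumption).
HARDENED_INVENTORY = (ARTICLE_INVENTORY
    .replace("#ansible_password=Computer@123\n", "")
    .replace("=no -o UserKnownHostsFile=/dev/null",
             "=yes -o UserKnownHostsFile=~/.ssh/known_hosts_win"))

# (pattern, finding, also_check_comments). A secret is exposed even on a
# commented-out line; an SSH option only matters when the line is active.
RULES = [
    (re.compile(r"StrictHostKeyChecking\s*=\s*(no|off)\b", re.I),
     "SSH host key checking is disabled", False),
    (re.compile(r"UserKnownHostsFile\s*=\s*/dev/null\b", re.I),
     "known_hosts is discarded, so host keys are never pinned", False),
    (re.compile(r"\bansible_(ssh_)?pass(word)?\s*=\s*(?!\{\{)\S", re.I),
     "connection password stored in plain text", True),
]

def audit_inventory(text):
    """Return (line_number, finding) tuples for risky settings in an INI inventory."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        commented = line.startswith(("#", ";"))
        body = line.lstrip("#; ")
        for pattern, finding, also_check_comments in RULES:
            if (not commented or also_check_comments) and pattern.search(body):
                findings.append((number, finding))
    return findings

if __name__ == "__main__":
    for number, finding in audit_inventory(ARTICLE_INVENTORY):
        print(f"inventory.ini:{number}: {finding}")
```

A password value that is a Jinja2 reference such as {{ vault_win_password }} (a hypothetical vaulted variable) is not reported, since the secret then lives outside the inventory.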
The playbook defines the tasks that Ansible will execute on the Windows servers. Here's an example playbook that:
- Creates a directory structure
- Disconnects and reconnects a mapped drive
- Copies files from the mapped drive to the local machine
- Installs an application (Notepad++) using the win_package module
Below are screenshots of the remote share drive configuration, its files, and the folder's share and security permissions; only one user has full control.
Conclusion
In this article, we demonstrated how to configure Ansible to manage Windows servers using OpenSSH. This approach provides a flexible and secure way to automate tasks on Windows servers, especially when WinRM is not feasible. By using key-based authentication and Ansible's win modules, you can automate a wide range of tasks on your Windows servers.